On 21-May-23 10:29 PM, Brian E Carpenter wrote: > And there's the problem. The operator of a large network cannot possibly > know which extension headers every host on the network needs. It's called > permissionless innovation, and is supposed to be one of the main success > factors for the Internet.
I think the problem with this approach, which I'm interpreting as "allow everything", is that people responsible for the security of public, and especially private, networks need to consider whether any such innovations might introduce new vulnerabilities. Remember that, for example, CISOs looking after the security of some enterprises may fall foul of regulatory obligations if they cannot show that their networks are as secure as is practical. More generally, anyone operating zero trust principles would surely only allow those features that they deem necessary, selected extension headers in this case. This would seem consistent with the point that Fernando made earlier in the thread. Andrew _______________________________________________ OPSEC mailing list OPSEC@ietf.org https://www.ietf.org/mailman/listinfo/opsec